mac80211: Ensure tid_start_tx is protected by sta->lock
authorBen Greear <greearb@candelatech.com>
Wed, 12 Jun 2013 21:08:44 +0000 (14:08 -0700)
committerJohannes Berg <johannes.berg@intel.com>
Thu, 13 Jun 2013 08:27:07 +0000 (10:27 +0200)
All accesses of tid_start_tx should be protected
by sta->lock if there is any chance that another thread
could still be accessing the sta object.

Signed-off-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
net/mac80211/ht.c
net/mac80211/sta_info.h

index 75dff338f581dd2acb978f53552b5850585c8bbf..f83534f6a2eec14abcb237196e4d6a233e2f8136 100644 (file)
@@ -281,13 +281,14 @@ void ieee80211_ba_session_work(struct work_struct *work)
                                sta, tid, WLAN_BACK_RECIPIENT,
                                WLAN_REASON_UNSPECIFIED, true);
 
+               spin_lock_bh(&sta->lock);
+
                tid_tx = sta->ampdu_mlme.tid_start_tx[tid];
                if (tid_tx) {
                        /*
                         * Assign it over to the normal tid_tx array
                         * where it "goes live".
                         */
-                       spin_lock_bh(&sta->lock);
 
                        sta->ampdu_mlme.tid_start_tx[tid] = NULL;
                        /* could there be a race? */
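Review bot: The new `spin_lock_bh(&sta->lock)` at the top of this hunk has no comment saying what it guards, and the open question `/* could there be a race? */` at the end of the hunk is kept unchanged although the lock now covers the read of `tid_start_tx[tid]` as well as the clear. I would add `/* sta->lock: another thread may still be accessing tid_start_tx[tid] */` above the lock call. The old question should be reworded to say which race, if any, is still possible with the lock held; the code it refers to lies after the hunk, so that cannot be judged from here. The blank line left directly under the "goes live" comment, where the removed lock call used to be, can go as well.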
@@ -300,6 +301,7 @@ void ieee80211_ba_session_work(struct work_struct *work)
                        ieee80211_tx_ba_session_handle_start(sta, tid);
                        continue;
                }
+               spin_unlock_bh(&sta->lock);
 
                tid_tx = rcu_dereference_protected_tid_tx(sta, tid);
                if (tid_tx && test_and_clear_bit(HT_AGG_STATE_WANT_STOP,
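Review bot: The `spin_unlock_bh(&sta->lock)` added after the `if (tid_tx)` block releases the lock only on the fall-through path, so the single acquire now has two release sites. The taken branch ends in `continue` and has to drop the lock before `ieee80211_tx_ba_session_handle_start(sta, tid)`, presumably in the lines between the two hunks that are not shown. A later edit that adds an early exit inside the branch would leave `sta->lock` held with bottom halves disabled. A short comment on the new line, for example `/* nothing to start: drop sta->lock taken above */`, would make the pairing explicit. The enclosing loop body continues past the end of the hunk.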
index bd12fc54266cf059094decb56dbbcf8ef4495bdf..4208dbd5861f4d87cc8fa94aefc7c00f51e72eed 100644 (file)
@@ -203,6 +203,7 @@ struct tid_ampdu_rx {
  *     driver requested to close until the work for it runs
  * @mtx: mutex to protect all TX data (except non-NULL assignments
  *     to tid_tx[idx], which are protected by the sta spinlock)
+ *     tid_start_tx is also protected by sta->lock.
  */
 struct sta_ampdu_mlme {
        struct mutex mtx;
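Review bot: The added sentence `tid_start_tx is also protected by sta->lock.` sits inside the `@mtx:` entry, so kerneldoc will render it as part of the mutex description even though it names a different lock for a different field. It would read better folded into the existing exception, `(except non-NULL assignments to tid_tx[idx] and all accesses to tid_start_tx[idx], which are protected by the sta spinlock)`. Alternatively it could move to the entry for `tid_start_tx` itself, which, if it exists, is above the start of this hunk. The comment block begins before the hunk, so the full field list is not visible here.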